|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing
From: Robert Swiecki (jagger
swiecki.net)
Date: Thu Jun 14 2007 - 18:31:39 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> There is a vulnerability in Apple Safari...
Here's another one. With a specially crafted web page, an attacker can
fill the client browser window with an arbitrary content, whereas window
title and the content of the urlbar are freely settable.
Tested with shiny, new, patched Safari 3.0.1 (522.12.12) on Windows 2003
SE SP2.
http://alt.swiecki.net/saff.html
--
Robert Swiecki
http://www.swiecki.net
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]